[tor-dev] A modest proposal for a petname system in ideas/xxx-onion-nyms.txt
boyska
piuttosto at logorroici.org
Mon Mar 19 22:26:14 UTC 2012
hello, I'm new to the list (and to tor development), so I introduce
myself.
I mostly subscribed because I'm seriously considering to apply for
google summer of code with torproject :)
I'm especially interested to the "petname" problem, I'll write more
below
Steven Murdoch wrote:
> On 17 Dec 2011, at 01:14, Jacob Appelbaum wrote:
> > A nym will expire if either the HS goes offline for longer than a
> > given time
> > threshold or if he explicitly requests removal of the association to that
> > particualr nym. This allows dynamic reallocation of nyms and avoids nym
> > squatting.
>
> This may be stating the obvious, but a problem here is someone could DoS
> the hidden service for sufficiently long they could steal the nym. If
> the attacker is smart, they will only do the DoS when the nym authority
> is checking (which suggests the nym authority should check at random
> intervals).
that's of course one of the biggest problem to face; the other is the
single-point-of-failure issue.
Why don't we make the other way around? That is, Beppe itself will
periodically send a signed message to such an "authority" stating the
petnames he wants to be associated to. This could also been sent by
means that are not reachable for the attacker (for example, in case of a
serious attack, Beppe could just sent this message manually with an
email from a different computer)
Then I'd like to ask about the extent of such a project for GSoC.
I'm really interested in doing this because I really like the concept of
darknet and the "petnames" will really make them reasonably easy to use.
However, it's easy to see the limits of this: single point of failure,
which is both a problem for crashes AND censorship/security (what if the
central authority start censor nyms? or worst, providing false
associations).
I suppose that a GSoC student can't solve all this problems alone :)
So, how much is "enough"?
Of course, I really intend to continue my work/research about this, but
when talking about jobs, allocating time is really important.
Greetings
--
boyska
More information about the tor-dev
mailing list